Why Use This
This skill provides specialized capabilities for HoangNguyen0403's codebase.
Use Cases
- Developing new features in the HoangNguyen0403 repository
- Refactoring existing code to follow HoangNguyen0403 standards
- Understanding and working with HoangNguyen0403's codebase structure
Install Guide
Install inside Ananke
Click Install Skill, paste the link below, then press Install.
https://github.com/HoangNguyen0403/agent-skills-standard/tree/develop/skills/react/security
Skill Snapshot
Auto scan of skill assets. Informational only.
Valid SKILL.md
Checks against SKILL.md specification
Source & Community
Updated At Jan 18, 2026, 04:24 AM
Skill Stats
SKILL.md 51 Lines
Total Files 1
Total Size 0 B
License NOASSERTION
---
name: React Security
description: Security practices for React (XSS, Auth, Dependencies).
metadata:
  labels: [react, security, xss, auth]
  triggers:
    files: ['**/*.tsx', '**/*.jsx']
    keywords: [dangerouslySetInnerHTML, token, auth, xss]
---
# React Security
## **Priority: P0 (CRITICAL)**
Preventing vulnerabilities in client-side apps.
## Implementation Guidelines
- **XSS**: Avoid `dangerouslySetInnerHTML`. Sanitize via `DOMPurify` if needed.
- **URLs**: Validate the scheme of user-supplied links; block `javascript:` URLs.
- **Auth**: Store tokens in `HttpOnly` cookies. Avoid `localStorage`.
- **Deps**: Run `npm audit`. Pin versions.
- **Secrets**: Server-side only. No `.env` secrets in build.
- **CSP**: Strict Content-Security-Policy headers.
## Anti-Patterns
- **No `eval()`**: RCE risk.
- **No Serialized State**: Don't inject JSON into DOM without escaping.
- **No Client Logic for Permissions**: Backend must validate.
## Code
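```tsx
import DOMPurify from 'dompurify';

// Safe HTML injection: sanitize untrusted markup before handing it to React
function SafeHtml({ content }: { content: string }) {
  const clean = DOMPurify.sanitize(content);
  return <div dangerouslySetInnerHTML={{ __html: clean }} />;
}

// Bad link prevention: replace javascript: URLs in user-supplied links with '#'
function SafeLink({ url }: { url: string }) {
  // Normalize first so mixed-case or space-padded schemes are also caught
  const safeUrl = url.trim().toLowerCase().startsWith('javascript:') ? '#' : url;
  return <a href={safeUrl}>Link</a>;
}
```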
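The **URLs** guideline can also be enforced as a scheme allowlist instead of a prefix test on the raw string. The following is an added example, not part of the original skill; `toSafeHref`, `prefixCheck`, `ALLOWED_SCHEMES`, `BASE` and the sample inputs are assumptions constructed for illustration.

```typescript
// Added example: allowlist check for user-supplied hrefs.
// ALLOWED_SCHEMES and BASE are assumptions; set them for your application.
const ALLOWED_SCHEMES: string[] = ['http:', 'https:', 'mailto:'];
const BASE = 'https://app.example/'; // placeholder origin for resolving relative links

// Literal prefix test on the raw string, kept only for comparison.
function prefixCheck(url: string): string {
  return url.startsWith('javascript:') ? '#' : url;
}

// Parse the value with the WHATWG URL parser (the same rules browsers apply:
// the scheme is lowercased, tabs/newlines are removed, surrounding spaces are
// stripped), then allow only known schemes.
function toSafeHref(input: string): string {
  let parsed: URL;
  try {
    parsed = new URL(input, BASE);
  } catch {
    return '#'; // unparseable input is rejected, not passed through
  }
  return ALLOWED_SCHEMES.includes(parsed.protocol) ? input : '#';
}

// Constructed sample inputs (not taken from the page).
const CONSTRUCTED_INPUTS: string[] = [
  'javascript:void(0)',
  'JaVaScRiPt:void(0)',
  ' javascript:void(0)',
  'java\tscript:void(0)',
  'data:text/html,hi',
  '/profile/42',
  'https://example.com/docs',
  'mailto:user@example.com',
];

// Inputs the prefix test passes through unchanged but the allowlist rejects.
function missedByPrefixCheck(inputs: string[]): string[] {
  return inputs.filter((u) => prefixCheck(u) === u && toSafeHref(u) === '#');
}

console.log(missedByPrefixCheck(CONSTRUCTED_INPUTS));
```

In a component, apply it at render time, for example `<a href={toSafeHref(url)}>`.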
## Related Topics
common/security-standards | typescript/security | component-patterns